Abstract- Software obfuscation is defined as a transfor-mation of a program P into T(P) such that the whiteboxand blackbox behaviors of T(P) are computationally in-distinguishable. However, robust obfuscation is impossibleto achieve with the existing software only solutions. Thisresults from the power of the adversary model in DRMwhich is significantly more than in the traditional securityscenarios. The adversary has complete control of thecomputing node - supervisory privileges along with thefull physical as well as architectural object observationalcapabilities. In essence, this makes the operating system (orany other layer around the architecture) untrustworthy.Thus the trust has to be provided by the underlyingarchitecture. In this paper, we develop an architecture tosupport 3-D obfuscation through the use of well knowncryptographic methods. The three dimensional obfuscationhides the address sequencing, the contents associated withan address, and the temporal reuse of address sequencessuch as in loops (or the second order address sequenc-ing). The software is kept as an obfuscated file systemimage statically. Moreover, its execution traces are alsodynamically obfuscated along all the three dimensions ofaddress sequencing, contents and second order addresssequencing. Such an obfuscation makes it infinitesimallylikely that good tampering points can be detected. This inturn provides with a very good degree of tamper resistance.With the use of already known software distribution modelof ABYSS and XOM, we can also ensure copy protection.This results in a complete DRM architecture to provideboth copy protection and IP protection.Index Terms- Obfuscation, Digital rights management,Secure systems architecture.I. INTRODUCTIONDIGITAL rights management (DRM) deals with in-tellectual property (IP) protection and unauthorizedcopy protection. The IP protection is typically providedthrough a combined strategy of software obfuscation andtamper resistance. Thus these three properties becomefundamental to DRM systems. DRM violations for soft-ware can result in either financial losses for the software

developers or a loss of competitive advantage in a criticaldomain such as defense (for example when an aircraftlost in hostile territory contains embedded systems withcritical IP). Software piracy alone accounted for $13billion annual loss [ ] to the software industry in 2002.Software digital rights management traditionally consistsof watermarking, obfuscation, and tamper-resistance. Allof these tasks are made difficult due to the power ofadversary. The traditional security techniques assumethe threat to be external. The system itself is not anadversary. This provides a safe haven or sanctuary formany security solutions. However, in DRM domain,the OS itself is not trustworthy. On the contrary, OSconstitutes the primary and formidable adversary. Hencethe primary distinction between the traditional securityand DRM is that the focus shifts from the problem ofprotecting the OS from an adversary to the problem ofprotecting an application program from the OS.Any software-only solution to achieve DRM seems tobe inadequate. It leads to the classical meta-level incon-sistencies encountered in classical software verificationderived from GOdel's incompleteness theorem. In theend, in most scenarios, it reduces to the problem oflast mile wherein only if some small kernel of valuescould be isolated from the OS (as an axiom), the entireschema can be shown to work. At this point, it is worthnoting that even in the Microsoft's next generation securecomputing base (NGSCB) [ ], the process isolation fromOS under a less severe adversary model is performedwith hardware help. The NGSCB's goal is to protectthe process from the OS corrupted by external attacksby maintaining a parallel OS look-alike called nexus.The nexus in turn relies upon a hardware SecuritySupport Component (SSC) for performing cryptographicoperations and for securely storing cryptographic keys.The trusted computing group consisting of AMD, HP,IBM, and Intel among many others is expected to releasetrusted platform module (TPM) [ ], to provide the SSC.The TPM is designed to provide such a root of trust